Since my last post, I have seen quite a few instances of friends or colleagues getting hacked online including:
– Facebook account hijacks
– Email accounts compromised
– Passwords lost/changed and accounts locked
In one case, it was a severe hack which led to a professional business emailing all of its customers a link which then infected other businesses’ networks when opened! Online security is hugely important for businesses and for people, yet often forgotten.
Small to large businesses should invest in network security, but the reality is that this can be costly, and even when spending big numbers, you can get hacked (sorry Sony!).
As long as you don’t upset North Korea, or political activists, you’re most likely quite safe from a targeted and substantial attack such as the one above – However, there are a lot of automatic bots out there trying to hack the “little people”. End users (you and me), rather than businesses, are generally less secure and thus easier targets.
Most people are aware of the online dangers and do a few things to protect themselves, but all it takes is one email or one “accident” for a potentially serious and frustrating sequence of events. The purpose of this blog post is to share a few tips on how to keep secure online – Follow these and you’ll be much better off!
1) Enable 2-factor-authentication on email accounts (if compatible, such as Gmail) and Facebook. This means you need a code sent to you via SMS to log in… You can save computers so you only need to do it once on each. If someone knows your password, they still can’t access your accounts without your phone this way!
2) Make passwords secure – It’s frustrating trying to remember lots of unique complex passwords with letters, numbers, lower case, upper case, symbols and who knows what else. The last thing you want to do, though, is have something like a pet name as your password with a few letters changed to numbers – This isn’t difficult to guess by “brute force”, trying lots of combinations. There are tools to improve your online security such as LastPass that can do the hard work for you, or you could use letters from phrases! (Don’t forget your password 4 ever would be Dfyp4e for example…)
3) Is that a link in an email? Uh oh – Never, ever, EVER, open a link from an email unless you verify it! It’s as simple as that. Sophisticated attacks can make an email look like it came from your bank, Facebook, your email provider, or even a relative or friend! If it looks like a serious email and you really think you need to click the link, CHECK! Either Google the first line of the email (to see if this is a common hack), or call the person that sent it to you to check it was genuine. If it was from Facebook, or your bank, go to their sites directly by typing their URL into the address bar. Even if the link appears to go to their website, it may be a phishing attempt (so it’s actually a spoof site set up to steal your details).
4) Is that a link in a tweet? Same thing as point 3. New hacking techniques include Facebook or Twitter messages from random people containing shortened links that do the same thing – steal passwords or install viruses. Even if it’s from someone you know, they may have been hacked. Always check first before opening! If Alan Sugar tweets a link randomly and tells you all to open it, he’s either been hacked, or he’ll most likely write some text before or after the link explaining what it is. If he posts another tweet after, it’s most likely genuine.
5) Install free virus scanners – There is no need to pay for anti-virus protection. While paid products can be great software packages to have, there are several free solutions which do as good a job as, if not better than, the most expensive ones (http://www.avira.com/en/avira-free-antivirus). F-Secure, which is £40ish a year (or more), will provide adequate protection, but so will Microsoft for free.
6) Put a pin code on your phone, and tell it to request the pin every single time you take it off standby. It amazes me how many people do not do this (because it can be a little bit annoying). The fact is, if you had your phone stolen without the requirement of a pin, your identity could be stolen in about 2 minutes. How? Well, I imagine it’s synced with your email account, social logins and potentially even certain financial accounts (IG.com has saved login details in their app, for example… Terrible idea!)
The above 6 points are fairly obvious to some, and to others maybe something new – Just because you have anti-virus doesn’t mean you’re secure. Either way, follow those points and you’ll hopefully never have to deal with a panicky situation of a compromised account. Online security should be treated like your own personal home/car!
Paul Johnson correctly suggested that the safest passwords are actually full sentences including spaces. For example:
This is a very hard password to break
Not only is it memorable, but due to the length and punctuation it would be near impossible to brute force. The only problem is not all websites allow passwords to be this long (including spaces). That adds to the complexity of the situation, though it is something to bear in mind! For those sites, it may be worth using the first letter of each word (and including some numbers of course).
I have also replaced the recommendations for Microsoft Security Essentials with Avira Free-Antivirus (thanks Mike!) – Turns out Microsoft SEC has gone downhill over the past few years!
Tweet me @thejsug!
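To put numbers on the password advice in point 2 and on the full-sentence suggestion, this added Python example (not part of the original post) undoes the usual letter-to-number swaps before a dictionary lookup and estimates the size of a character-by-character brute-force search. The word list, the pet-name password `R0v3r` and the guessing rate are assumptions; the estimate does not model guessing whole words, which shortens the search for a sentence built from common words.

```python
import math
import string

# Constructed stand-in for a cracking dictionary of names and common words.
WORDLIST = {"rover", "bella", "charlie", "password"}
# Usual digit/symbol swaps, undone before the dictionary lookup.
UNLEET = str.maketrans("013457@$", "oieastas")
GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, not a measured one

def alphabet_size(password):
    """Number of symbols an exhaustive search must try per position."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation + " " for c in password):
        size += 33  # 32 punctuation marks plus the space
    return size

def brute_force_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def is_disguised_word(password):
    """True if undoing letter-to-number swaps yields a dictionary word."""
    return password.lower().translate(UNLEET) in WORDLIST

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for a character-by-character search at the given rate."""
    return alphabet_size(password) ** len(password) / rate

def report(passwords):
    """Return (password, dictionary hit?, bits, worst-case seconds) per entry."""
    return [(p, is_disguised_word(p), round(brute_force_bits(p), 1),
             seconds_to_exhaust(p)) for p in passwords]

if __name__ == "__main__":
    # "R0v3r" is a constructed pet-name example; the other two are from the post.
    for row in report(["R0v3r", "Dfyp4e",
                       "This is a very hard password to break"]):
        print(row)
```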